Documentation
¶
Index ¶
Constants ¶
View Source
const GroupName = "authentication.k8s.io"
Variables ¶
View Source
var ( GroupVersion = metav1.GroupVersion{Group: GroupName, Version: "v1"} SchemeBuilder = runtime.NewSchemeBuilder(addKnownTypes) AddToScheme = SchemeBuilder.AddToScheme SchemaGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1"} )
Functions ¶
This section is empty.
Types ¶
type BoundObjectReference ¶
type BoundObjectReference struct {
// Kind of the referent. Valid kinds are 'Pod' and 'Secret'.
Kind string `json:"kind,omitempty"`
// API version of the referent.
APIVersion string `json:"apiVersion,omitempty"`
// Name of the referent.
Name string `json:"name,omitempty"`
// UID of the referent.
UID string `json:"uid,omitempty"`
}
func (*BoundObjectReference) DeepCopy ¶
func (in *BoundObjectReference) DeepCopy() *BoundObjectReference
func (*BoundObjectReference) DeepCopyInto ¶
func (in *BoundObjectReference) DeepCopyInto(out *BoundObjectReference)
type ExtraValue ¶
type ExtraValue []string
type TokenRequest ¶
type TokenRequest struct {
metav1.TypeMeta `json:",inline"`
metav1.ObjectMeta `json:"metadata"`
// Spec holds information about the request being evaluated
Spec TokenRequestSpec `json:"spec"`
// Status is filled in by the server and indicates whether the token can be authenticated.
Status *TokenRequestStatus `json:"status,omitempty"`
}
func (*TokenRequest) DeepCopy ¶
func (in *TokenRequest) DeepCopy() *TokenRequest
func (*TokenRequest) DeepCopyInto ¶
func (in *TokenRequest) DeepCopyInto(out *TokenRequest)
func (*TokenRequest) DeepCopyObject ¶
func (in *TokenRequest) DeepCopyObject() runtime.Object
type TokenRequestList ¶
type TokenRequestList struct {
metav1.TypeMeta `json:",inline"`
metav1.ListMeta `json:"metadata"`
Items []TokenRequest `json:"items"`
}
func (*TokenRequestList) DeepCopy ¶
func (in *TokenRequestList) DeepCopy() *TokenRequestList
func (*TokenRequestList) DeepCopyInto ¶
func (in *TokenRequestList) DeepCopyInto(out *TokenRequestList)
func (*TokenRequestList) DeepCopyObject ¶
func (in *TokenRequestList) DeepCopyObject() runtime.Object
type TokenRequestSpec ¶
type TokenRequestSpec struct {
// Audiences are the intendend audiences of the token. A recipient of a
// token must identify themself with an identifier in the list of
// audiences of the token, and otherwise should reject the token. A
// token issued for multiple audiences may be used to authenticate
// against any of the audiences listed but implies a high degree of
// trust between the target audiences.
Audiences []string `json:"audiences"`
// ExpirationSeconds is the requested duration of validity of the request. The
// token issuer may return a token with a different validity duration so a
// client needs to check the 'expiration' field in a response.
ExpirationSeconds int64 `json:"expirationSeconds,omitempty"`
// BoundObjectRef is a reference to an object that the token will be bound to.
// The token will only be valid for as long as the bound object exists.
// NOTE: The API server's TokenReview endpoint will validate the
// BoundObjectRef, but other audiences may not. Keep ExpirationSeconds
// small if you want prompt revocation.
BoundObjectRef *BoundObjectReference `json:"boundObjectRef,omitempty"`
}
func (*TokenRequestSpec) DeepCopy ¶
func (in *TokenRequestSpec) DeepCopy() *TokenRequestSpec
func (*TokenRequestSpec) DeepCopyInto ¶
func (in *TokenRequestSpec) DeepCopyInto(out *TokenRequestSpec)
type TokenRequestStatus ¶
type TokenRequestStatus struct {
// Token is the opaque bearer token.
Token string `json:"token"`
// ExpirationTimestamp is the time of expiration of the returned token.
ExpirationTimestamp metav1.Time `json:"expirationTimestamp"`
}
func (*TokenRequestStatus) DeepCopy ¶
func (in *TokenRequestStatus) DeepCopy() *TokenRequestStatus
func (*TokenRequestStatus) DeepCopyInto ¶
func (in *TokenRequestStatus) DeepCopyInto(out *TokenRequestStatus)
type TokenReview ¶
type TokenReview struct {
metav1.TypeMeta `json:",inline"`
metav1.ObjectMeta `json:"metadata"`
// Spec holds information about the request being evaluated
Spec TokenReviewSpec `json:"spec"`
// Status is filled in by the server and indicates whether the request can be authenticated.
Status *TokenReviewStatus `json:"status,omitempty"`
}
func (*TokenReview) DeepCopy ¶
func (in *TokenReview) DeepCopy() *TokenReview
func (*TokenReview) DeepCopyInto ¶
func (in *TokenReview) DeepCopyInto(out *TokenReview)
func (*TokenReview) DeepCopyObject ¶
func (in *TokenReview) DeepCopyObject() runtime.Object
type TokenReviewList ¶
type TokenReviewList struct {
metav1.TypeMeta `json:",inline"`
metav1.ListMeta `json:"metadata"`
Items []TokenReview `json:"items"`
}
func (*TokenReviewList) DeepCopy ¶
func (in *TokenReviewList) DeepCopy() *TokenReviewList
func (*TokenReviewList) DeepCopyInto ¶
func (in *TokenReviewList) DeepCopyInto(out *TokenReviewList)
func (*TokenReviewList) DeepCopyObject ¶
func (in *TokenReviewList) DeepCopyObject() runtime.Object
type TokenReviewSpec ¶
type TokenReviewSpec struct {
// Token is the opaque bearer token.
Token string `json:"token,omitempty"`
// Audiences is a list of the identifiers that the resource server presented
// with the token identifies as. Audience-aware token authenticators will
// verify that the token was intended for at least one of the audiences in
// this list. If no audiences are provided, the audience will default to the
// audience of the Kubernetes apiserver.
Audiences []string `json:"audiences"`
}
func (*TokenReviewSpec) DeepCopy ¶
func (in *TokenReviewSpec) DeepCopy() *TokenReviewSpec
func (*TokenReviewSpec) DeepCopyInto ¶
func (in *TokenReviewSpec) DeepCopyInto(out *TokenReviewSpec)
type TokenReviewStatus ¶
type TokenReviewStatus struct {
// Authenticated indicates that the token was associated with a known user.
Authenticated bool `json:"authenticated,omitempty"`
// User is the UserInfo associated with the provided token.
User *UserInfo `json:"user,omitempty"`
// Audiences are audience identifiers chosen by the authenticator that are
// compatible with both the TokenReview and token. An identifier is any
// identifier in the intersection of the TokenReviewSpec audiences and the
// token's audiences. A client of the TokenReview API that sets the
// spec.audiences field should validate that a compatible audience identifier
// is returned in the status.audiences field to ensure that the TokenReview
// server is audience aware. If a TokenReview returns an empty
// status.audience field where status.authenticated is "true", the token is
// valid against the audience of the Kubernetes API server.
Audiences []string `json:"audiences"`
// Error indicates that the token couldn't be checked
Error string `json:"error,omitempty"`
}
func (*TokenReviewStatus) DeepCopy ¶
func (in *TokenReviewStatus) DeepCopy() *TokenReviewStatus
func (*TokenReviewStatus) DeepCopyInto ¶
func (in *TokenReviewStatus) DeepCopyInto(out *TokenReviewStatus)
type UserInfo ¶
type UserInfo struct {
// The name that uniquely identifies this user among all active users.
Username string `json:"username,omitempty"`
// A unique value that identifies this user across time. If this user is
// deleted and another user by the same name is added, they will have
// different UIDs.
UID string `json:"uid,omitempty"`
// The names of groups this user is a part of.
Groups []string `json:"groups"`
// Any additional information provided by the authenticator.
Extra map[string]ExtraValue `json:"extra,omitempty"`
}
func (*UserInfo) DeepCopyInto ¶
Source Files
Click to show internal directories.
Click to hide internal directories.